Measurement-based admission control utilizing effective envelopes and service curves

ABSTRACT

The admission control algorithm implements measurement-based connection admission control using effective envelopes of an arriving traffic aggregate and the service curves of the corresponding departing traffic aggregate. The approach provides the statistical service guarantees to a variety of service classes. According to the admission control algorithm, arriving traffic is admitted if the sum of the effective envelopes of the arriving traffic entering a network and admitted traffic currently in the network is less than or equal to the service curve.

BACKGROUND AND SUMMARY OF THE INVENTION

The present invention relates generally to network-based communicationarchitecture. More particularly, the invention relates to providingcontrolled quality of service in packet-based networks through admissioncontrol.

Currently much of the Internet is designed to provide “best effort”service. The Internet Protocol (IP) is designed to deliver packets ofinformation to an ultimate destination through any available internallinks that enable delivery. The actual time it takes to deliver thesepackets depends on the route taken and the traffic congestionencountered en route. The original design of the Internet Protocolfocused on providing ultimate delivery, with the actual time to achievedelivery being only a secondary consideration.

As the uses for the Internet have grown, and as Internet traffic hasexpanded geometrically, the original emphasis on delivery over timing isbeing challenged. With multicast applications and streaming audio andvideo applications growing in popularity, packet delivery time hasbecome a central focus. Quality of Service (QoS) is a term often used todescribe the degree to which a communications network providesreliability, availability, and timely throughput. Quality of serviceaddresses issues such as transmission speed, timeliness of packetdelivery, amount of jitter a network introduces into packet streams, andthe probability of outright packet loss. As businesses begin to relymore and more on their Internet presence, some have expressedwillingness to pay more for higher quality of service because the higherquality of service translates directly into a smoother, more responsiveexperience for their customers. Some Internet Service Providers thusoffer different service level agreements through which they commit toprovide different levels of service quality at different fee rates.

There are many proposals for improving quality of service inpacket-switched networks such as the Internet. Quality of service may beimproved at the individual router level by making the routers faster andmore intelligent. However, this also increases system cost. Otherproposals address the quality of service issue at the network modellevel. At the network model level, the performance of individual routersare largely ignored; focus instead shifts to the aggregate performanceof all routers in the network. One popular approach is to consider theaggregate network only in terms of its outer boundary or end-to-endperformance. Using such an analytical approach, the performance of theentire network, and the quality of service it provides, can be largelycontrolled by the behavior of the routers occupying the edge of thenetwork (that is, the routers at the ingress and egress points).

There are several end-to-end network models for controlling quality ofservice (QoS) in popular use today. Among the leading models areIntegrated Services (IntServ), Multi-Protocol Label Switching (MPLS),and Differentiated Services (DiffServ). IntServ supports a per flowquality of service guarantee. It employs a relatively complexarchitecture in which resources are reserved by means of a signalingprotocol that sets up paths and reserves resources. MPLS providesanother quality of service guarantee approach that focuses on packetforwarding. Packets are assigned labels at the ingress of anMPLS-compatible domain. Subsequent classification, forwarding, andservices for the packets are then based on those labels.

Models such as IntServ and MPLS address QoS on a per connection basisand can present scalability difficulties. To provide better scalability,other models have been proposed that address QoS on a traffic aggregatebasis. DiffServ is one example of such a model. DiffServ providesquality of service guarantees to packet aggregates by marking packetsdifferently to create different packet classes/aggregates that areentitled to different quality of service handling.

For the most part, aggregate traffic-based network models share a numberof common concepts. They begin from a premise that the network can becharacterized as having edge and core routers. The edge routers acceptcustomer traffic (i.e., packets from any source outside the network).The core routers provide transit packet forwarding services among othercore routers and/or edge routers. The edge routers control ingress oftraffic and thus perform an important admission control function, bypermitting or declining requests by outside traffic to enter thenetwork. With the ultimate traffic flow being controlled by the edgerouters through admission control, the core routers simply need todifferentiate traffic insofar as necessary to cope with transientcongestion within the network itself. The network models may employstatistical multiplexing to maximize utilization of the core routerresources.

Predicting and controlling traffic flow through a network at anaggregate level is a very complex problem. Admission control algorithmsthat overly restrict ingress waste internal core router resources. Onthe other hand, admission control algorithms that are too lax can floodthe network with too much traffic, resulting in severe drops in qualityof service. Numerous admission control algorithms have been proposed andwhile some have been quite ingenious, there remains a great deal of roomfor improvement.

For example, Centinkaya and Knightly, in an article entitled “EgressAdmission Control,” IEEE Info. Comm. 2000, describe a framework forscalable quality of service provisioning in which admission controldecisions are made at the egress routers based solely on aggregatemeasurements obtained at the egress router. They introduce ameasurement-based service envelope as a way to adaptively describe theend-to-end service received by a traffic class.

For a more complete understanding of the invention, its objects andadvantages, refer to the following description and to the accompanyingdrawings.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a network diagram illustrating an exemplary end-to-end networkmodel, useful in understanding the admission control algorithm of thepresent invention;

FIG. 2 is a block diagram illustrating the pertinent parametersassociated with arriving traffic and admitted traffic in a network;

FIG. 3 a is a flowchart diagram of the presently preferred admissioncontrol algorithm, illustrating global effective envelopes;

FIG. 3 b is a similar flowchart diagram of the presently preferredadmission control algorithm, illustrating local effective envelopes;

FIG. 4 is a graph illustrating the calculation of delay bound;

FIG. 5 is a timing diagram illustrating an example of a measured timeinterval, where T=3τ and M=2;

FIGS. 6 a and 6 b are graphs illustrating measured arriving traffic fortime interval ≦100 ms;

FIGS. 7 a and 7 b are graphs illustrating measured service envelope fortime interval ≦100 ms; and

FIGS. 8 a, 8 b, and 8 c are graphs of average link utilization as afunction of delay bound for three different scenarios, for delay boundd≦100 ms.

DESCRIPTION OF THE PREFERRED EMBODIMENT

A measurement-based admission control algorithm is based on the globaleffective envelopes of an arriving traffic aggregate and upon theservice curves of the corresponding departing traffic aggregate. Such anadmission control algorithm is well adapted to a variety of differentnetwork models. Although the algorithm will be principally described inthe context of a multi-router network, the concepts employed are equallyapplicable to autonomous network systems and even switching devices. Ina switching device, for example, the switch hardware/software providesfor several input ports and output ports. The present invention may beused to control traffic flow among these input and output ports.Therefore, this algorithm is applicable to “networks” of differentarchitectural granularities, ranging from single-device switches tolarge, multiple-device computer network domains.

Referring to FIG. 1, an exemplary network is illustrated at 10. Network10 includes a plurality of edge routers, such as router 12 and router14, that are in turn connected to a plurality of core routers 16. Forpurposes of illustration, edge router 12 serves as the ingress node 18,and edge router 14 serves as the egress node 20. Arriving traffic entersthrough the ingress node 18 and departing traffic leaves through theegress node 20, as illustrated.

For purposes of illustration, arriving aggregate traffic 22 comes from asecond network 24 via edge router 28. For purposes of illustration, itwill be assumed that a traffic conditioner or regulator function 28limits the flow of arriving aggregate traffic 22 to within predefinedbounds. The traffic conditioner 28 may be located within the secondnetwork 24 (such as in edge router 26). The traffic conditioner orregulator 28 may be implemented at the ingress node 18 to force arrivingtraffic to comply with the traffic specification submitted by thesender. The traffic conditioner or regulator 28 may be modeled as aleaky bucket that provides a simple metering function. Alternatively,the traffic conditioner 28 may provide more sophisticated trafficshaping functions where the temporal characteristics of a traffic classare selectively modified by delaying local packet forwarding. Forpurposes of illustration, departing aggregate traffic 30 exits edgerouter 14 and enters network 32.

Network 10 implements an admission control function 34 to determinewhich of the packets of arriving aggregate traffic 22 are admitted tothe network 10 and which are blocked. The admission control function 34may be localized in a single router, such as edge router 12.Alternatively, the admission control function can be distributed acrossthe network, with the function being performed by multiple routerswithin the network 10. The admission control function 34 implements anadmission control algorithm that is based upon a global effectiveenvelope 36 of the arriving aggregate traffic 22 and upon service curves38 of the departing aggregate traffic 30.

FIG. 2 illustrates network 10 with arriving traffic 22, admitted traffic46, and departing traffic 30 being shown in greater detail. The figureintroduces terms that will be useful in understanding the algorithm.

Associated with arriving traffic 22 is a deterministic envelope 42. Thedeterministic envelope may be characterized in terms of three variables:peak traffic rate, average traffic rate, and burst size parameter. Thearriving traffic 22 also is assumed to have an associated quality ofservice requirement 44. Typically each class of service would have itsown quality of service requirement. Thus multiple QoS requirements areillustrated at 44 in FIG. 2. The QoS requirements may be characterizedby the following variables: probability of delay violation and delaybound.

The admitted traffic 46 may be differentiated from the arriving traffic22, in that the admitted traffic 46 has already passed the admissioncontrol point and is thus currently flowing in network 10. When theadmitted traffic 46 leaves network 10, it is called departing traffic30. The departing traffic 30 has associated with it a service curve orservice envelope 48 that is measured by monitoring each packet's arrivaltime and departure time.

One variation of the admission control algorithm uses the associateddeterministic envelope 42 of the arriving traffic 22 and the associatedservice envelope 48 of the departing traffic 30 in making a decisionwhether to admit or deny arriving traffic 22. FIGS. 3 a and 3 b show thepresently preferred algorithm in flowchart form. A more rigorousmathematical derivation of the preferred algorithm is presented below.The flowcharts of FIGS. 3 a and 3 b make reference to specific equationsfrom the detailed mathematical derivation, where applicable. Adiscussion of the flowchart will be presented first, as a way ofintroducing the detailed mathematical derivation that follows.Specifically, FIG. 3 a applies to global effective envelopes; FIG. 3 bapplies to local effective envelopes. The content of these two figuresis similar; hence a detailed discussion of FIG. 3 a is presented belowand may be considered applicable to FIG. 3 b, except where themathematical derivation differs, as will be evident by comparing theFigures.

Referring to FIG. 3 a, the preferred algorithm begins at step 60 with arequest to be admitted to the network. As part of the request, theincoming traffic submits its traffic characterization, which isexpressed in terms of characterization parameters 62. The specificparameters used by the presently preferred embodiment are:

-   -   Deterministic Envelope A_(j)*(τ);    -   Quality of Service Requirements, QoS;    -   Delay Bound, d;    -   Probability of Delay Violation, ε.

Next, at step 64, the algorithm constructs a global effective envelopefor the arriving traffic, based on the submitted parameters 62. In themathematical derivation that follows, the global effective envelope forarriving traffic is characterized as G_(new). The G_(new) envelope isdepicted in FIG. 3 at 66. As indicated by the dashed lines and bracketednotation, step 64 is performed using equations 3.8–3.11.

The algorithm continues at step 68, where a global effective envelopefor the admitted traffic is constructed based on measured statistics.Specifically, the measured statistics, listed at 70, include the averageand the variance of the amount of arriving aggregate traffic. In thedetailed mathematical derivation which follows, the global effectiveenvelope for admitted traffic is designated as G_(N) _(q) ^(q). In FIG.3, this G_(N) _(q) ^(q) envelope is shown at 72.

The final admission control decision, step 74, is made based on ananalysis of both global effective envelopes 66 and 72, along with theservice curve 40 calculated using equation 4.5 and the algorithm shownin Table 1 below. Specifically, the admission control decision willadmit incoming traffic if:G _(new) +G _(N) _(q) ^(q) ≦S ^(q)For a more precise statement of the above admission control condition,see the following detailed description and, in particular, Eqn. (3.12).Detailed Description of Preferred Admission Control Algorithm

A detailed description of the preferred algorithm will now be providedbelow. For purposes of illustration, a Differentiated Service (DS) orDiffserv architecture will be assumed. The invention is not limited tothe DS architecture inasmuch as the admission control algorithm of theinvention may be used with a variety of network architectures.

In order to provide Quality of Service (QoS), the Integrated Services(IS) architecture uses a signaling protocol to set up resourcereservations at all routers along the path. Since this approach requiresthat all routers have to keep per-flow state and process the per-flowresource reservations, this approach has known scalability problems.Differentiated Service (DS) is another approach to provide QoS, butwithout the restriction on scalability. Routers need only implementscheduling and buffering mechanisms and apply them based on the DS CodePoint (DSCP) presented in the header of arriving packets. The end-to-endQoS service across several domains is built by combining the per domainbehaviors (PDBs) of individual DS domains. PDBs, an active area ofresearch, are constructed by an appropriate deployment of per-hopforwarding behaviors (PHBs). Several DS domains can exist within asingle autonomous system (AS). DS addresses scalability by providing QoSguarantees on an aggregate traffic level.

As discussed above, one of the critical requirements for serviceprovisoining across a DS domain is the presence of an effectiveConnection Admission Control (CAC). Such admission control can beutilized while establishing dynamic service level agreements (SLAs) forpremium service across DS network, or consulted upon re-negotiations ofstatic SLAs. A Bandwidth Broker (BB) entity of a DS domain is a typicalplace for such admission control. The difficulty involved in designingan effective CAC is that many solutions lead toward topology-dependentimplementations, thus limiting their scope and increasing theircomplexity.

To implement admission control for DS without scalability problems,several researchers have proposed various forms of Endpoint CAC. In thisdesign, the endpoints of a DS domain (ingress/egress routers) performadmission control and resource management. The routers measure trafficin the network to detect the level of available resources and admit anew connection if, and only if, the detected level of resource issufficiently high.

The preferred embodiment provides a measurement-based CAC algorithm,which provides statistical QoS guarantees on a traffic aggregate levelin a DS domain. The ingress traffic arriving at the boundary of a DSdomain is assumed to be conditioned by the upstream domains, policed byour domain to adhere to the rules of an established SLA, and furthermarked with the appropriate DSCP. Leaky-bucket based policers, shapersand markers are widely proposed. As the DS architecture extends some PDBfor a traffic aggregate, we call this traffic aggregate a class in asubsequent discussion (different from DS class). We target the PDBs,which offer delay guarantees to a classified traffic aggregate givenboth delay and delay violation probability. We describe thedeterministic envelopes, i.e., arriving traffic envelopes and serviceenvelopes, and the bound on performance characteristics that can beobtained from those envelopes. We then derive a measurement-based CAC toestablish dynamic SLA and provide statistical guarantees for a varietyof service classes by exploiting the statistical traffic envelopes,called global effective envelopes and service curves. To obtain theseenvelopes, we use the measurement approach. The measurement of theservice curves allows our admission control condition to work withoutthe knowledge of the topology of the DS domain and cross traffic in thedomain.

Let us consider a traffic arriving to a network domain. The trafficenters the domain at an ingress node 18 and destines to an egress node20 (see FIG. 1). In the following we consider a continuous-time fluidflow traffic model. An arriving traffic from different flows isdifferentiated by its QoS requirements. Here we consider the probabilityof delay violation and the delay bound as the QoS requirements ofinterest. An arriving traffic with the same QoS requirements, i.e., thesame delay bound and probability of delay violation requirements, istreated as a service class. Hence, traffic arriving to the domain ispartitioned into Q classes. We use N_(q) to denote the number of flowswithin a class q.

The arriving traffic from the flow j of the class q in an interval(t₁,t₂) is denoted as A_(j) ^(q)(t₁,t₂). We assume that traffic arrivalfrom each flow j is regulated by a traffic conditioner and upper boundedby a deterministic subadditive envelope A_(j) ^(q)* (τ) as follows:A _(j) ^(q)(t,t+τ)≦A _(j) ^(q)*(τ) ∀t≧0,∀τ≧0.  (2.1)

The arriving traffic is characterized by the deterministic envelope witha set of parameters. The most commonly used traffic regulators are leakybuckets with a peak rate enforcer. The traffic on flow j ischaracterized then by three parameters (P_(j), σ_(j), ρ_(j)) with adeterministic envelope given byA _(j) ^(q)*(τ)=min{P _(j) ^(q) τ,σ _(j) ^(q)+ρ_(j) ^(q)τ} ∀τ≧0  (2.2)where P_(j) ^(q)≧ρ_(j) ^(q) is the peak traffic rate, ρ_(j) ^(q) is theaverage traffic rate, and σ_(j) ^(q) is the burst size parameter.

As a generalization of the peak-rate enforced leaky bucket, the trafficon flow j may be characterized by a set of parameters {σ_(jk) ^(q),ρ_(jk) ^(q)}_(k=1, . . . , k) _(j) , with a deterministic envelope

$\begin{matrix}{{A_{j}^{q^{*}}(\tau)} = {\min\limits_{{k = 1},\ldots\mspace{11mu},K_{j}^{q}}\left\{ {\sigma_{jk}^{q} + {\rho_{jk}^{q}\tau}} \right\}}} & (2.3)\end{matrix}$where K_(j) ^(q) is the number of leaky-bucket pairs.

It is also noted that flows from the same service class can becharacterized by different deterministic envelopes, but still have thesame QoS requirements.

We use A_(j) ^(qout) (t₁,t₂) to denote the traffic from flow j of theclass q leaving the domain at the egress node in an interval (t₁,t₂). Wethen define the aggregate traffic of class q as follows: the aggregateof arriving traffic

${A_{Nq}\left( {t_{1},t_{2}} \right)} = {\sum\limits_{j\;\varepsilon\; N_{q}}{A_{j}^{q}\left( {t_{1},t_{2}} \right)}}$and the aggregate of departing traffic

${A_{Nq}^{out}\left( {t_{1},t_{2}} \right)} = {\sum\limits_{j\;\varepsilon\; N_{q}}{{A_{j}^{qout}\left( {t_{1},t_{2}} \right)}.}}$For a time interval of length β, we define the empirical envelope,E_(Nq)(τ,β) of an arriving aggregate N_(q) of flows from class q, whichis the upper bound of the arriving aggregate in any time interval oflength τ≦β as follows:

$\begin{matrix}{{E_{Nq}\left( {\tau;\beta} \right)} = {\sup\limits_{{({t,{t + \tau}})} \subseteq \beta}{A_{Nq}\left( {t,{t + \tau}} \right)}}} & (2.4)\end{matrix}$

In the following, we will focus our discussion on the aggregate trafficof a single service class and drop the index ‘q’. We will introduce thedefinition of a service curve and its application. We assume that thereis no traffic in the domain at time t=0. Therefore, for an aggregatetraffic, the amount of backlogged traffic in the domain at any time t,B(t), is given by

$\begin{matrix}{{B(t)} = {{{A_{N}\left( {0,t} \right)} - {A_{N}^{out}\left( {0,t} \right)}} \geq 0.}} & (2.5)\end{matrix}$Also the ingress-to-egress delay suffered by the aggregate traffic attime t is denoted by d(t) and is defined as follows:d(t)=min{z:z≧0 and A _(N)(0,t)≦A _(N) ^(out)(0,t+z)}  (2.6)Definition of Service Curve

Let S(•) be a non-decreasing function, with S(0)=0. We say that thedomain guarantees the service curve S(•) for the aggregate traffic iffor any time t, there exists s≦t such that B(s)=0 and A_(N)^(out)(s,t)≧S(t−s).

It can be seen that S(t−s) specifies the lower bound of the amount ofthe aggregate traffic needed to be served and depart from the domainduring some interval (s,t), where the domain is empty at time s.

From the definition of service curve, the upper bound of delay can beobtained as follows. Consider a busy period of length β. Let s denotethe starting time of the busy period, that is, B(s)=0 andA_(N)(0,s)=A_(N) ^(out)(0,s). We assume that the domain guarantees theservice curve S(•), that is A_(N) ^(out)(s,t)≧S(t−s), where s≦t+d≦β.From the definition of service curve, we have A_(N) ^(out)(s,t+d)=A_(N)^(out)(0,t+d)−A_(N)(0,s)≧S(t+d−s). From Eqn. (2.6), thus,A_(N)(0,t)≧A_(N) ^(out)(0,t+d)≧A_(N)(0,s)+S(t+d−s). Hence, from Eqn.(2.4).A _(N)(s,t)≦E _(N)(t−s;β)≧S(t+d−s)  (2.7)

Defining τ=t−s, it follows that, for all time t≧0, the delay defined inEqn. (2.6) is upper bounded as follows:

$\begin{matrix}\begin{matrix}{{d(t)} \leq {\min\left\{ {z:{z \geq {0\mspace{20mu}{and}\mspace{20mu}{E_{N}\left( {\tau,\beta} \right)}} \leq {S\left( {\tau + z} \right)}}} \right\}}} \\{\leq {\max\limits_{0 \leq \tau \leq B}{\min\left\{ {z:{z \geq {0\mspace{14mu}{and}\mspace{14mu}{E_{N}\left( {\tau;\beta} \right)}} \leq {S\left( {\tau + z} \right)}}} \right\}}}}\end{matrix} & (2.8)\end{matrix}$From Eqn. (2.8), it is noted that the upper bound on delay is themaximum horizontal distance between the arriving aggregate envelope(E_(N)(τ,β)) and the service curve S(τ) (see FIG. 4). It is also notedthat β is upper bounded by β_(max), which is the maximum busy period ofthe aggregate traffic and can be determined as:

$\beta_{\max} = {\inf\left\{ {\tau \geq {0{\left. {{{\sum\limits_{j\;\varepsilon\; N}{A_{j}^{*}(\tau)}} \leq {S(\tau)}}} \right\}.}}} \right.}$Therefore, we will use β=β_(max) in the following discussions.

The preferred admission control algorithm exploits the deterministicenvelopes and the service envelopes to obtain the upper bound of thedelay experienced by an arriving traffic based on the worst-casescenario where it is assumed that all flows send traffic with their peakrate simultaneously.

In the next section, following the concept of the described envelopes,we will derive a statistical service where a small portion of traffic isallowed to violate the delay QoS requirements. We will use so calledglobal effective envelopes to characterize arriving aggregate trafficfor each class. Using these envelopes allows us to derive a CAC forstatistical services which can be created in the same fashion as fordeterministic services.

Probabilistic Guarantees with Effective Envelopes and Service Curves

In this section, we derive the probability of delay violation based onthe upper bound of the delay shown in the previous section. We thenobtain an admission control condition for a single service class byapplying the definition of local and global effective envelopespresented in R. Boorstyn, A. Burchard, J. Liebeherr, and C. Oottamakom,Effective envelopes: Statistical bounds on multiplexed traffic in packetnetworks, Proceedings of IEEE Info. Comm. 2000, Tel Aviv, Israel, March2000 (hereinafter “Boorstyn, et al.”). We finally discuss the admissioncontrol conditions for multiple service classes.

Probabilistic Guarantees with Local Effective Envelopes and ServiceCurves

Again we will first consider a single service class, allowing us to dropthe index ‘q’. An aggregate of arriving traffic from the same serviceclass A_(N)(t₁,t₂) has the same probability of delay violation, ε, anddelay bound requirement, d. A_(N)(t₁,t₂) are upper bounded by a familyof nonnegative random processes A_(N)(t₁,t₂), which have the followingproperties: (1) Stationarity: the statistical properties of A_(N)(t₁,t₂)do not change with time, and (2) Independence: The A_(N)(t₁,t₂) arestochastically independent among all service classes.

Let D_(N)(τ) denote the ingress-to-egress delay experienced by a bit ofan aggregate traffic of the N flows arriving at the domain at time τ. Weassume that D_(N)(τ) is a random variable. For a given delay bound d,the domain guarantees that the ingress-to-egress delay of any arrivingbit will not exceed the delay bound d; that is, for all timet≧0,0≦τ≦B_(max), from Eqn. (2.8), D_(N)(τ)=min{z:z≧0 andA_(N)(t,t+τ)≦S(τ+z)}≦d or, for all time t≧0,0≦τ≦B_(max),A_(N)(t,t+τ)≦S(τ+d). The delay violation occurs if ∃D_(N)(τ) such thatD _(N)(τ)≧dor, ∃τ such thatA _(N)(t,t+τ)>S(τ+d)

With Eqn. (2.8), the probability that the arriving traffic experiences adelay violation is required to be bounded by ε and we have, for all timet≧0,0≦τ≦B_(max),Pτ[D _(N)(τ)>d]=Pτ[A _(N)(t,t+τ)>S(t+d)]≦ε  (1)When a set of new flows requests the same service guarantees from a DSdomain, the CAC uses the admission control test to ensure that therequested service guarantees and other flows from all service classescan be simultaneously satisfied. From Eqn. (1), we can obtain theadmission control condition for a single service class by using thedefinition of local effective envelope as follows:Definition (Local Effective Envelope)

A local effective envelope for A_(N)(t,t+τ) is a function L_(N) thatsatisfies for all τ≧0 and all tPτ[A _(N)(t,t+τ)≦L _(N)(τ;ε)]≧1−εIt can be seen that a local effective envelope provides a probabilisticbound for the aggregate traffic A_(N)(t,t+τ) for any specific timeinterval of length τ.Lemma

Given a set of flows that is partitioned into M classes, each classcontains N_(m) flows with aggregate arrivals A_(N) _(m) . Let L_(N) _(m)(τ;ε) be the local effective envelope for class m. Then the followinginequality holds: given x,

${{{If}\mspace{14mu}{\sum\limits_{m}{L_{N_{m}}\left( {\tau;ɛ} \right)}}} \leq x},{{then}\mspace{14mu}{for}\mspace{14mu}{all}\mspace{14mu} t},{{\Pr\left\lbrack {{\sum\limits_{m}{A_{N_{m}}\left( {t,{t + \tau}} \right)}} > x} \right\rbrack} \leq {M \cdot {ɛ.}}}$We divide flows from the same service class into two categories, i.e.M=2. The first group is the set of flows, N, that are already admittedto the domain. The second group is the new set of flows, K, requestingthe QoS service from a DS domain. We denote L_(N) as the local effectiveenvelope of the first group and L_(new) as the local effective envelopeof the second group.Admission Control Condition for a Single Service Class

Using the definition of the local effective envelope and the lemma, fromEqn. (1) we have that the arriving traffic has a delay violation withprobability <ε ifL _(N)(τ,ε/2)+L _(new)(τ;ε/2)≦S(τ+d), for 0≦τ≦B _(max)  (2)

If, for the same service class, the set of new flows are regulated bydifferent deterministic envelopes A_(j)*, each set of flows sharing thesame A_(j)* have a different envelope L_(new) ^(j)(•;ε_(j)), where

${\sum\limits_{j}ɛ_{j}} = {ɛ/2.}$Therefore Eqn. (2) becomes

$\begin{matrix}{{{{L_{N}\left( {\tau;{ɛ/2}} \right)} + {\sum\limits_{j}{L_{new}^{j}\left( {\tau;ɛ_{j}} \right)}}} \leq {S\left( {\tau + d} \right)}},{{{for}\mspace{14mu} 0} \leq \tau \leq B_{\max}}} & (3)\end{matrix}$

The CAC in Eqn. (2) does not depend on the topology of the domain andthe scheduling algorithms within the domain, but the measurement-basedtraffic-characterized envelopes, which can be measured at an ingress andan egress node in a DS domain.

Local Effective Envelope using Measured Moment

We consider a set of admitted flows, N. We characterize the distributionof the aggregate traffic using the Central Limit theorem, which does notrequire knowledge of the underlying distributions of each flow. Anapproximate local effective envelope of the aggregate traffic can beobtained from the Central Limit Theorem as follows [1]. From thedefinition of the local effective envelope, we setPτ[A_(N)(t,t+τ)≧x]=ε/2 and we obtain,L _(N)(τ;ε/2)={overscore (X(τ))}+zσ(τ)  (4)where z has the approximate value z=√{square root over (|log(2πε)|)},and {overscore (X(τ))} and σ^(z)(τ) are measured average and variance ofthe amount of aggregate traffic, respectively. We will discuss thosemeasurements in the next section.

Since the number of new flows may be few, the Central Limit theorem maynot be the appropriate choice for constructing their local effectiveenvelope, i.e., the bound obtained may not be tight enough. Instead, wewill use the Chemoff bound, which provides a more rigorous bound on theaggregate traffic. The local effective envelope of a set of new flows,K, can then be obtained by using the Chemoff bound, and is given asfollow:

Recall the Chemoff bound for a random variable Y:Pτ[Y≧y]≦e ^(−sy) E[e ^(sy) ]∀s≧0  (5)We havePτ[A _(K)(t,t+τ)≧Kx]≦e ^(−K,x,s) M _(K)(s,τ),  (6)where M_(K)(s,τ) is the moment generating function of the aggregatetraffic.

In Boorstyn, et al., M_(K)(s,τ) is derived and given in terms of thedeterministic envelopes of the flows, which are the leaky bucketfunction in our case. s is chosen so that Eqn. (6) is minimal. Thesevalues of s and M_(K)(s,τ) yieldL _(new)(τ;ε/2)=Kmin{x,A _(K)*(τ)}  (7)

$\begin{matrix}{{\left( \frac{\rho\tau}{x} \right)^{\frac{x}{A_{K}^{*}{(\tau)}}}\left( \frac{{A_{K}^{*}(\tau)} - {\rho\tau}}{{A_{K}^{*}(\tau)} - x} \right)^{1 - \frac{x}{A_{K}^{*}{(\tau)}}}} \leq \left( {ɛ/2} \right)^{1/K}} & (8)\end{matrix}$where A_(K)*(τ) is a deterministic envelope for each new flow.Admission Control Condition for Multiple Service Classes

The admission control condition in Eqn. (2) does not guarantee that QoSrequirements of other service classes using the same ingress-to-egresspath will be satisfied if a new set of flows is admitted into thedomain. To be able to provide that guarantee, without loss ofgenerality, we assume that the new flows have the highest priority, andwe test the admission control condition for each of the service classes.This can be shown as follows. For each service class we obtain anarriving aggregate traffic envelope L_(N) _(q) ^(q)(τ;ε_(q)/2) and aservice envelope S^(q)(•). From Eqn. (2), the new flows with an arrivingenvelope L_(new)(τ;ε_(q)/2) will be admitted if the following conditionis satisfied: for all service classes q,L _(N) _(q) ^(q)(τ;ε_(q)/2)+L _(new)(τ;ε_(q)/2)≦S ^(q)(τ+d _(q)), for0≦τ≦B _(max)  (9)

In this section we show our CAC, which depends on the measurement-basedenvelopes (L_(N)(•;ε) and S(•)). In the next section we show how toobtain these envelopes.

Probabilistic Guarantees with Global Effective Envelopes and ServiceCurves

In this section, we derive the probability of delay violation based onthe upper bound of the delay shown in the previous section. We thenobtain an admission control condition for a single service class byapplying the definition of global effective envelope presented inBoorstyn, et al. We finally discuss the admission control conditions formultiple service classes.

Again we will first consider a single service class and drop the index‘q’. An aggregate of arriving traffic from the same service class in theinterval (t₁,t₂), A_(N)(t₁,t₂), has the same QoS requirements:probability of delay violation ε and delay bound requirement d.A_(N)(t₁,t₂) is characterized by a family of nonnegative randomprocesses, which have the following properties: (1) Stationarity: thestatistical properties of A_(N)(t₁,t₂) do not change with time, and (2)Independence: The A_(N)(t₁,t₂) are stochastically independent among allservice classes. Consider an interval of length of the maximum busyperiod β. Let D_(N)(t) again denote the ingress-to-egress delayexperienced by a bit of an aggregate traffic of the N flows arriving atthe domain at time t during the busy period. We assume that D_(N)(t) isa random variable.

For a given delay bound d, the domain guarantees that theingress-to-egress delay of any arriving bit will not exceed the delaybound d; that is, from Eqn. (2.8), for all τ, 0≦τ≦β,

$\begin{matrix}{{{D_{N}(t)} = {{\min\left\{ {z:{z \geq {0\mspace{14mu}{and}\mspace{14mu}\sup\limits_{{({t,{t + \tau}})} \subseteq \beta}{A_{N}\left( {t,{t + \tau}} \right)}} \leq {S\left( {\tau + z} \right)}}} \right\}} \leq d}}{{or},{{for}\mspace{14mu}{all}\mspace{14mu}\tau},{0 \leq \tau \leq \beta},}} & (3.1) \\{{\sup\limits_{{({t,{t + \tau}})} \subseteq \beta}{A_{N}\left( {t,{t + \tau}} \right)}} = {{E_{N}\left( {\tau;\beta} \right)} \leq {{S\left( {\tau + d} \right)}.}}} & (3.2)\end{matrix}$The delay violation occurs if ∃D_(N)(t) such thatD _(N)(t)≧dor, ∃t,τ such that

${\sup\limits_{{({t,{t + \tau}})} \subseteq \beta}{A_{N}\left( {t,{t + \tau}} \right)}} > {S\left( {\tau + d} \right)}$With Eqn. (3.2), the probability that the arriving traffic experiencesthe delay violation is required to be bounded by ε and we then havePτ[D _(N)(t)≦d,∀t,τ]=Pτ[E _(N)(τ;β)≦S(t+d), for all τ,0≦τ≦β]≦1−ε  (3.4)

Suppose a set of new flows requests the same service guarantees from aDS domain. The CAC uses the admission control test to ensure that therequested service guarantees and other flows from all service classescan be simultaneously satisfied. From Eqn. (3.4) we can obtain theadmission control condition for a single service class by using thedefinition of global effective envelope as follows:

Definition of Global Effective Envelope

A global effective envelope for an interval of length β is a subadditivefunction G_(N)(τ;β,ε) that satisfies:Pτ[E _(N)(τ;β)≦G _(N)(τ;β,ε),∀0≦τ≦β]≧1−εIt can be seen that a global effective envelope provides a probabilisticbound for the aggregate traffic A_(N)(t,t+τ) for every time interval oflength τ in β.Lemma

A set of flows is partitioned into M classes, and each class containsN_(m) flows with aggregate arrivals A_(N) _(m) . Let G_(N) _(m) (τ;β,ε)be the global effective envelope for class m. Then the followinginequality holds: given x,

${{{If}\mspace{14mu}{\sum\limits_{m}{G_{N_{m}}\left( {{\tau;\beta},ɛ} \right)}}} \leq x},{{then}\mspace{14mu}{for}\mspace{14mu}{all}\mspace{14mu} t},{{\Pr\left\lbrack {\exists{m{\exists{\tau:{{\sum\limits_{m}{E_{N_{m}}\left( {t,{t + \tau}} \right)}} > {x(\tau)}}}}}} \right\rbrack} \leq {M \cdot {ɛ.}}}$We divide flows from the same service class into two categories, i.e.,M=2. The first group is the set of flows, N, that are already admittedto the domain. The second group is the new set of flows, K, requestingthe QoS from the DS domain. We denote G_(N) as the global effectiveenvelope of the first group and G_(new) as the global effective envelopeof the second group.Admission Control Condition for a Single Service Class

Using the definition of the global effective envelope and the lemma,from Eqn. (3.4) we have that the arriving traffic has a delay violationwith probability <ε ifG _(N)(τ;β,ε/2)+G _(new)(τ;β,ε/2)≦S(τ+d), for 0≦τ≦B  (3.5)

If, for the same service class, the set of new flows are regulated bydifferent deterministic envelopes A_(j)*, each set of flows sharing thesame A_(j)* require a different envelope G_(new) ^(j)(•;β,ε_(j)), where

${\sum\limits_{j}ɛ_{j}} = {ɛ/2.}$Therefore Eqn. (3.5) becomes:

$\begin{matrix}{{{{G_{N}\left( {{\tau;\beta},{ɛ/2}} \right)} + {\sum\limits_{j}{G_{new}^{j}\left( {{\tau;\beta},ɛ_{j}} \right)}}} \leq {S\left( {\tau + d} \right)}},{{{for}\mspace{14mu} 0} \leq \tau \leq B}} & (3.6)\end{matrix}$

The CAC in Eqn. (3.5) does not depend on the topology of the domain andthe scheduling algorithms within the domain, but the measurement-basedtraffic-characterized envelopes, which can be measured at an ingress andan egress node in a DS domain.

Constructing the Global Effective Envelope

We consider a set of admitted flows, N. We characterize the distributionof the aggregate traffic using the Central Limit theorem, which does notrequire the knowledge of the underlying distributions of each flow. Anapproximate global effective envelope G_(N)(τ;β,ε) of the aggregatetraffic can be obtained from the Central Limit Theorem as follows. Fromthe definition of the global effective envelope, we set Pτ[E_(N)(τ;β)≧x,∀0≦τ≦β]≈ε. For given τ₀,βwe then have, for every integer k,G _(N)(τ;β,ε)≈α[{overscore (X((k+1)τ/k))}+z′σ(((k+1)τ/k)],∀τε[τ₀,β]  (3.7)where α=1+1/(k+1), z′ has the approximate value z′=√{square root over(|log(2πε′)|)} with ε′=τ₀(α−1)ε/βk, and {overscore (X(τ))} and σ²(τ) aremeasured average and variance of the amount of aggregate traffic,respectively. We will discuss those measurements in the next section.

From Eqn. (3.4) it can be seen that there are several possible globaleffective envelopes. For given τ₀,β, the method recursively calculatesthe k_(i), α_(i), and τ_(i) for 1≦i≦n, where τ_(n) is the first pointwhich is greater than β. We can therefore obtain n points of a globaleffective envelope as follows:

$\begin{matrix}{{k_{i} = {z\left( {z + \frac{\overset{\_}{X\left( \tau_{i - 1} \right)}}{\sigma\left( \tau_{i - 1} \right)}} \right)}},} & (3.8) \\{{\alpha_{i} = {1 + \frac{1}{k_{i} + 1}}},} & (3.9)\end{matrix}$τ_(i)=α_(i)τ_(i-1),  (3.10)and, from Eqn. (3.7),G _(N)(τ_(i);β,ε)≈α_(i)[{overscore (X((k _(i)+1)τ_(i) /k _(i)))}+z′σ((k_(i)+1)τ_(i) /k _(i))]  (3.11)where z=√{square root over (|log(2πε)|)}.

For a set of new flows, one can obtain the global effective envelope ofthe new flows G_(new) by using the same recursive method as follows.However, instead of using the measurement-based {overscore (X(τ))} andσ²(τ) in Eqs. (3.8) and (3.11), {overscore (X(τ))}=Kρ_(K)τ andσ²(τ)=Kρ_(K)τ(A_(K)*(τ)−ρ_(K)τ), where ρ_(K) is the long-term averageand A_(K)*(τ) is a deterministic envelope for each new flow.

Admission Control Condition for Multiple Service Classes

The admission control condition in Eqn. (3.2) does not guarantee thatQoS requirements of other service classes using the sameingress-to-egress path will be satisfied if a new set of flows isadmitted into the domain. To be able to provide their guarantees,without loss of generality, we assume that the new flows have thehighest priority and we test the admission control condition for all theservice classes. This can be shown as follows. For each service class weobtain an arriving aggregate traffic envelope G_(N) _(q)^(q)(τ;β,ε_(q)/2) and a service envelope S^(q)(•). From Eqn. (3.5), newflows, which have an arriving envelope G_(new)(τ;β,ε_(q)/2), will beadmitted if the following condition is satisfied: for all serviceclasses q,G _(N) _(q) ^(q)(τ;β,ε_(q)/2)+G _(new)(τ;β, ε_(q)/2)≦S ^(q)(τ+d _(q)),for 0≦τ≦B  (3.12)In this section we show our CAC, which depends on the measurement-basedenvelopes (G_(N)(•;β,ε) and S(•)). In the next section we show how toobtain these envelopes.Measurements of Perspective Envelopes

In this section we show how to measure the characteristic parameters forconstructing the global effective envelopes of the arriving aggregatetraffic and the service envelope of the departing aggregate traffic fora single service class. First we measure the average and variance of theamount of arriving aggregate traffic, which are used in Eqn. (3.3). Wethen measure the service envelope of a single service class traffic. Atthe end of this section we show the admission control algorithm that wewill use in the evaluation example below.

Measurement of Aggregate Arriving Envelopes

We are interested in the aggregate characteristic of an arriving trafficat ingress node. To characterize the aggregate traffic as a Gaussianprocess, we need to measure the first and second moment of the amount oftraffic arriving at the ingress node. Let A_(N)(t₁,t₂) denote thearriving traffic from an aggregate flow in the interval (t₁,t₂).Consider time to be slotted with equal length τ: i.e., for MPEG sources,we can think of τ as the frame time. We also divide time into M largeintervals whose length is T (see FIG. 5). For the m^(th) interval weobtain the bound of an arriving traffic X_(k) ^(m) as a function of timeinterval kτ. The bounded amount of the measured traffic over the m^(th)interval of length T from the current time t can be obtained as follows:

$\begin{matrix}{X_{k}^{m} = {\max\limits_{0 \leq n \leq {({\frac{T}{\tau} - k})}}{A\left\lbrack {{t - {mT} + {n\;\tau}},{t - {mT} + {\left( {n + k} \right)\tau}}} \right\rbrack}}} & (4.1)\end{matrix}$for m=1, . . . , M and

${k = 1},\;\ldots\mspace{11mu},{\frac{T}{\tau}.}$

Thus for every T time slot, the bounded envelope X_(k) ^(m) is obtained.From these envelopes we can obtain the average {overscore (X_(k))} andthe variance σ_(k) ² of the measured envelopes as follows:

$\begin{matrix}{{{\overset{\_}{X}}_{k} = {\sum\limits_{m = 1}^{M}\; X_{k}^{m}}}{and}} & (4.2) \\{\sigma_{k}^{2} = {\frac{1}{M - 1}{\sum\limits_{m = 1}^{M}\;\left( {X_{k}^{m} - {\overset{\_}{X}}_{k}} \right)^{2}}}} & (4.3)\end{matrix}$

τ, T, and M are the key parameters for the measurement. An improperchoice of τ, T, and M may lead to inaccurately characterizing thearriving aggregate traffic and consequently overestimating the bandwidthrequired by connections. We varied these parameters in our approach andfound that our approach is not very sensitive to such changes. Furtherdiscussion of how to choose the parameters can be found in C. Cetinkayaand E. Knightly, Egress Admission Control, In Proceedings of IEEE Info.Comm. 2000, Tel Aviv, Israel, March 2000; and D. Tse and M.Grossglauser, Measurement-Based Call Admission Control: Analysis andSimulation, In Proceedings of IEEE Info. Comm. 1997, Kobe, Japan, April1997.

We provide an example of an arrival envelope from a simulationexperiment in FIGS. 6 a and 6 b. FIG. 6 a, we plot the amount of arrivalaggregate traffic as a function of time interval, while FIG. 6 b depictsthe arrival aggregate rate as a function of time interval. Thesimulation consists of 120 multiplexed independent MPEG-2 video traces.These traces are obtained from the movie “Starship Troopers”(“Starship”). Starship has a peak rate of 18.6336 Mbps and an averagerate of 4.26 Mbps. The frame rate of Starship is 30 frames per second.This type of traffic has a large peak-to-mean ratio, indicatingsignificant burstiness. From FIG. 6, the arriving envelope and arrivalrate are significantly smaller than the peak envelope and peak rate,respectively. This is due to the statistical multiplexing of the trafficaggregate. As the figures show, given a long time interval, the amountof the arriving traffic and its arrival rate decrease toward the averagerate.

Measurement of Aggregate Service Envelopes

Consider traffic arriving at a DS domain at an ingress node and leavingat an egress node. For measuring service envelopes, we assume that theclocks in the domain are synchronized. We consider a packet system wherepackets are serviced at discrete times rather than continuous times.Each packet arriving at the ingress node will be time-stamped. Hence, atthe egress node, we are able to determine the ingress-to-egress delay ofeach packet. Let a_(j) denote the arriving time and d_(j) denote thedeparture time of the j^(th) packet. We consider this traffic to bebacklogged whenever at least one packet remains in the system. Thebacklogging condition can be checked by comparing the arriving and thedeparture times of packets. Traffic is continuously backlogged for kpackets in the interval [a_(j),d_(j+k−1)] ifd _(j+m) >a _(j+m+1), for all 0≦m≦k−2  (4.4)for k≧1.

Next, let ServEnv be a list containing (x,S_(j) ^(k)(x)) pairs whichrepresent the amount of time S_(j) ^(k)(x) required to service x bitswhen considering the packet j with k backlogged packets. Again consideran interval of length T, which contains the total number of arrivingpackets n. For packet j, we consider the delay of the packet and alsothe delay of the packets backlogged after this packet. We thus candefine S_(j) ^(k)(x) as follows:S _(j) ^(k)(x)=d _(j+k−1) −a _(j)  (4.5)for all k≧1 which satisfy the backlogging condition.A bounded service envelope can be obtained as follows:

-   -   Initialize (ServEnv)    -   for packet j=1 to n        -   S_(j)′<−d_(j)−a_(j)        -   x(S_(j)′)<−Size (packet (j))        -   k<−2        -   while (d_(j+k−2)>a_(j+k−1))            -   S_(j) ^(k)<=d_(j+k−1)−a_(j)            -   x(S_(j) ^(k))<−x(S_(j) ^(k−1))+Size (packet (j+k−1))            -   k<=k+1        -   Merge (ServEnv, (x(S_(j) ^(k)).S_(j) ^(k)) ∀k, ServEnv)    -   for i=(Length(ServEnv)−1) to 0        -   if (x[i]<x[i−1])            -   Remove (x[i−1],S[i−1])    -   Using ServEnv to plot a service envelope.        Table I Bounded Service Algorithm

FIG. 7 a shows a service envelope of an aggregate of departing trafficobtained from a simulation. The simulation consists of a node with a 622Mbps link and the same number of sources (Starship) used for FIGS. 6 aand 6 b. It is noted that the envelope is an increasing function. Inaddition, FIG. 7 b depicts the slope of the service envelope. The slopeof the envelope indicates variation of the service rate for theburstiness of the arriving aggregate flows.

Admission Control Algorithm using Local Effective Envelopes

I. To request the QoS for its traffic from a DS domain, the user submitsto a BB its traffic characterization containing A_(j)*(τ), QoSrequirements, d and ε.

II. CAC constructs a local effective envelope, L_(new), based on thesubmitted parameters by using Eqs. (7) and (8).

III. CAC then uses the measurement of the average and variance ofarriving traffic to construct local effective envelopes for admittedflows, L_(N) _(q) ^(q), from Eqn. (4).

IV. CAC finally makes an admission control decision based on L_(new),L_(N) _(q) ^(q), and S^(q) obtained from the previous section. Therequest is accepted if the condition in Eqn. (9) is true.

Admission Control Algorithm using Global Effective Envelope

I. To request the QoS for its traffic from a DS domain, the user submitsto a BB its traffic characterization containing A_(j)*(τ), QoSrequirements, d and ε.

II. CAC constructs a global effective envelope, G_(new), based on thesubmitted parameters by using Eqs. (3.8)–(3.11).

III. CAC then uses the measurement of the average and variance ofarriving traffic (obtained from Eqs. (4.2) and (4.3) respectively) toconstruct global effective envelopes for admitted flows, G_(N) _(q)^(q), from Eqs. (3.8)–(3.11).

IV. CAC finally makes an admission control decision based on G_(new),G_(N) _(q) ^(q), and S^(q) obtained from the previous section. Therequest is accepted if the condition in Eqn. (3.12) is true.

Evaluation and Simulation Results

In this section, we evaluate the effectiveness of our CAC condition. Weconsider a case where all flows are homogeneous, i.e., all flows satisfythe same deterministic envelope and require the same delay QoS guaranteefrom a DS domain. Starship is again used as a traffic source. Forsimulations, we set the probability of delay violation ε=10⁻⁶ and varythe delay bound requirement d. We consider a DS domain, which has anegress node with a link capacity of 622 Mbps (C=622 Mbps for allsimulations). All links in the domain have the same capacity as theegress link. Each node has a FIFO scheduler. We consider three scenarioswhere the number of nodes and amount of cross traffic in the domain arechanged as follows:

I. The DS domain consists of a node without any cross traffic (see FIG.8 a).

II. The DS domain consists of two nodes without any cross traffic (seeFIG. 8 b).

III. The DS domain consists of three nodes with some cross traffic (seeFIG. 8 c).

Note that in configuration III, we use 40 flows of Starship as crosstraffic requesting the same QoS requirements as the main traffic.

We will evaluate our approach (‘Approach’) by using the CAC algorithmdescribed above. As benchmarks for our approach, we also investigate twoof the following approaches and a set of simulations (‘Simulation’).First, we consider average rate allocation (‘Average Rate’), where themaximum number of admissible flows is determined by the link capacitydivided by the long-term average rate of each flow and, therefore, theaverage link utilization for this approach is unity. Second, we considerthe peak rate allocation (‘Peak Rate’), where the maximum number ofadmissible flows is determined by the link capacity divided by the peakrate of each flow. For simulation purposes, each flow starts randomlysending traffic into the DS domain. Many simulations are performed. Theaverage result of the simulation is presented. We compare the averagelink utilization, U_(ave), obtained from each approach. U_(ave) isdefined as follows:

$U_{ave} = \frac{\sum\limits_{j = 1}^{N}\;\rho_{j}}{C}$where N is the number of connections admitted to the domain, ρ_(j) isthe long-term average rate of each flow, and C is the link capacity atthe egress node.

FIGS. 8 a–8 c show the three scenarios we investigate and thecorresponding results where the average link utilization is a functionof the delay bound. From the results, the link utilization obtained bythe simulations and our approach is considerably higher than the oneobtained by the peak rate allocation. This shows that the simulationsand our approach can exploit the multiplexing gain from the trafficaggregate and, hence, yield high link utilization. For example, fromFIG. 8 a, for the delay bound d=10 ms, the simulation and our approachyield 86% of the link utilization while the peak rate allocation canonly achieve 82%. In addition, the results show that our approach canaccurately characterize arriving and departing aggregate traffic. FIGS.8 b–8 c show that our approach can determine an accurate condition ofthe domain without the knowledge of the underlying topology and crosstraffic, and yield link utilization close to simulation results.

From the foregoing it will be appreciated that the measurement-basedadmission control algorithm exploits global effective envelopes andservice envelopes to accurately characterize arriving and departingaggregate traffic. The CAC algorithm is tunable through a set ofparameters. The algorithm is scalable and can support a variety ofservice classes. We showed the effectiveness of the CAC algorithm bycomparing the link utilization obtained by the algorithm to results fromsimulations. While the invention has been described in its presentlypreferred form, it will be understood that the principles of theinvention may be applied to many applications and that implementationdetails of the algorithm can be varied without departing from the spiritof the invention as set forth in the claims.

1. A method of performing admission control for traffic flows thatencompass two or more service classes in a network, comprising:determining for each service class a first effective envelope associatedwith arriving traffic entering said network, where the first effectiveenvelope is a function over a time interval that defines an upper boundon aggregate arriving traffic from a given service class; determiningfor each service class a second effective envelope associated withadmitted traffic currently in said network, where the second effectiveenvelope is a function over a time interval that defines an upper boundon admitted traffic from a given service class; determining for eachservice class a service curve by measuring departing traffic leavingsaid network; testing an admission control condition for each of theservice classes, where the admission control condition is satisfied whenthe sum of the first and second effective envelopes for a given serviceclass is less than or equal to the service curve for the given serviceclass; and admitting said arriving traffic when the admission controlcondition is satisfied for each of the service classes.
 2. The method ofclaim 1 wherein said first and second effective envelopes are globaleffective envelopes.
 3. The method of claim 1 wherein said secondeffective envelope is a global effective envelope determined as afunction of measured average and variance of an aggregate of admittedtraffic.
 4. The method of claim 1 wherein said first and secondeffective envelopes are local effective envelopes.
 5. The method ofclaim 1 wherein said second effective envelope is a local effectiveenvelope determined as a function of measured average and variance of anaggregate of admitted traffic.
 6. The method of claim 1 wherein saidfirst effective envelope is based on an aggregate of arriving traffic.7. The method of claim 6 wherein said aggregate is determined bymeasuring an aggregate arrival flow at plural time intervals and bycalculating average and variance of said aggregate arrival flow.
 8. Themethod of claim 1 wherein said second effective envelope is recursivelycalculated.
 9. The method of claim 1 wherein said service curve isdetermined based on measured packet delay.
 10. The method of claim 1wherein said service curve is determined by developing a list of pairsrepresenting the amount of time required to service one packet ofinformation and the number of backlogged packets of information, andusing said list to determine a bounded service envelope.